
access:pre-auth — 18817 tagged CVE vulnerabilities

18817 CVE security advisories tagged "access:pre-auth", each with AI-generated Chinese analysis, CVSS score, references and POCs.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-28798 | Arbitrary internal service access via /v1/sys/proxy when Cloudflare Tunnel is enabled on ZimaOS | ZimaOS | CWE-918 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-0545 | Missing Authentication for Critical Function in mlflow/mlflow | mlflow/mlflow | CWE-306 | 9.8 (AI) | Critical (AI) | 2026-04-03 |
| CVE-2026-35216 | Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step | budibase | CWE-78 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-25043 | Budibase: Unauthenticated Password Reset Endpoint Lacks Rate Limiting, Enabling Email Flooding | budibase | CWE-770 | 5.3 | Medium | 2026-04-03 |
| CVE-2026-31402 | nfsd: fix heap overflow in NFSv4.0 LOCK replay cache | Linux | | 9.8 | Critical | 2026-04-03 |
| CVE-2026-35537 | Roundcube Webmail code issue vulnerability | Webmail | CWE-502 | 3.7 | Low | 2026-04-03 |
| CVE-2024-14033 | Hirschmann EagleSDV Denial of Service via TLS | Hirschmann EagleSDV | CWE-400 | 7.5 | High | 2026-04-02 |
| CVE-2024-14034 | Hirschmann HiEOS Authentication Bypass via HTTP Management Module | Hirschmann HiEOS LRS11 | CWE-287 | 9.8 | Critical | 2026-04-02 |
| CVE-2026-34834 | Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation | webmail | CWE-287 | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-35383 | Bentley Systems iTwin Platform exposed access token | iTwin Platform | CWE-540 | 6.5 | Medium | 2026-04-02 |
| CVE-2026-34759 | OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure | oneuptime | CWE-862 | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34758 | OneUptime: Missing Authentication on Notification Endpoints | oneuptime | CWE-306 | 9.1 | Critical | 2026-04-02 |
| CVE-2026-34745 | Unauthenticated Path Traversal Arbitrary File Write in /api/uploadChunked/public | fireshare | CWE-22 | 9.1 | Critical | 2026-04-02 |
| CVE-2026-5429 | Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme | Kiro IDE | CWE-79 | 7.8 | High | 2026-04-02 |
| CVE-2026-34742 | Model Context Protocol Go SDK: DNS Rebinding Protection Disabled by Default for Servers Running on Localhost | go-sdk | CWE-1188 | 7.1 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34736 | Open edX Platform: Account Activation Bypass via activation_key Exposure in REST API | openedx-platform | CWE-287 | 5.3 | Medium | 2026-04-02 |
| CVE-2026-34598 | YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter" | yeswiki | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34577 | Postiz: Unauthenticated Full-Read SSRF via /public/stream Endpoint with Trivially Bypassable Extension Check | postiz-app | CWE-918 | 8.6 | High | 2026-04-02 |
| CVE-2026-34121 | Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS | Tapo C520WS v2.6 | CWE-287 | 5.3 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34523 | SillyTavern: Path traversal allows file existence oracle | SillyTavern | CWE-22 | 5.3 | Medium | 2026-04-02 |
| CVE-2026-34827 | Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser | rack | CWE-407 | 7.5 | High | 2026-04-02 |
| CVE-2026-34829 | Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length | rack | CWE-400 | 7.5 | High | 2026-04-02 |
| CVE-2026-34230 | Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header | rack | CWE-400 | 5.3 | Medium | 2026-04-02 |
| CVE-2026-33951 | signalk-server: Unauthenticated Source Priorities Manipulation | signalk-server | CWE-284 | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-33950 | signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity | signalk-server | CWE-285 | 9.4 | Critical | 2026-04-02 |
| CVE-2026-34973 | phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure | phpMyFAQ | CWE-943 | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-32629 | phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor | phpMyFAQ | CWE-20 | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-26927 | URL (HTTP Origin) call location spoofing in Szafir SDK Web | Szafir SDK Web | CWE-348 | 8.1 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-29782 | OpenSTAManager: Remote Code Execution via Insecure Deserialization in OAuth2 | openstamanager | CWE-502 | 7.2 | High | 2026-04-02 |
| CVE-2026-2699 | EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC) | ShareFile Storage Zones Controller | CWE-698 | 9.8 | Critical | 2026-04-02 |

Values marked (AI) carried an AI badge on the page: the CVSS score and severity for those entries come from the site's AI analysis rather than from the advisory itself, so treat them as estimates until the official score is published.

The access:pre-auth tag covers 18817 CVEs. The CWE column gives only the weakness class (CWE taxonomy); review each individual CVE entry for product-specific impact, affected versions and available fixes.